Have you ever wanted to have a way to put all of your credit cards into one spot so you don’t have to carry them all around all the time? Yes, there are apps like Apple Pay where you can avoid carrying around your cards if you enter the numbers into the app, but there is a risk at having those stored in that way. Well, if you haven’t heard, there is a card called the Fuze Card that lest you store several numbers on it and switch between them using only one single card. Wow! Yes, it’s unbelievable and it’s true. And while can certainly be beneficial to the average Joe and Jane, the U.S. Secret Service says criminals have also picked up on this nifty item and are using it to hide the fact that they are carrying around several different stolen cards.

You see, when one is shuffling through several cards while checking out at a store, it might raise some suspicion with the store employees. This is especially true if the first and/or second of the cards are declined. By using the Fuze Card, they can look less suspicious.

These cards can hold up to 30 credit cards. There is no card number, expiration or other information printed on the card. The user simply chooses which card to use for payment by pressing the little buttons on the card. Then, using the magnetic strip or chip (depending on which version of the card the user has), they swipe and the charge goes on the designated card. It’s genius, right!

Well, criminals do indeed think so. Apparently, fraud rings will purchase thousands of stolen payment card numbers and place them into these Fuze Cards. Then they will make purchases or even withdraw funds from ATMs, if they have debit card numbers too.

Now that you know that these cards are being used this way, you can understand how important it is to guard your payment card details. Yes, once you provide it to purchase something, whether online or at a point of sale terminal, you lose control of it. But you can prevent it from being used by simply being aware of your charges. Check them often and if anything looks out of place, contact your card issuer immediately and get it resolved. If you get a notification from any retailer that your card may have been compromised, cancel it.

It’s easy to get complacent about stolen payment card numbers these days. There are safeguards in place to protect consumers, but that doesn’t mean there isn’t a cost involved with fraud. Though you will likely get reimbursed for most or all of the fraudulent charges, it still costs your financial institution to resolve it. Fraud costs are also built in to pricing at retailers and if their costs continue to rise, so will yours. Nothing comes for free. If everyone works together to fight fraud, it will be less costly for all of us in the end.

That wonderful Internet of Things (IoT) enables us to communicate and do so many awesome things is now the subject of a recent FBI warning. For everyday users, the IoT connects billions of devices worldwide, allowing us do things we never dreamed were possible. We use can now turn on a light or heat at home without being there, monitor dinner progress in our slow cooker from our office, use medical devices we need to survive and monitor them online, and of course, view pretty much anything from the Internet on our smart TV’s. However, we’ve come to know for all of the good the IoT offers, there are hackers conniving to exploit and abuse the IoT for personal gain. Whether it’s a lone-wolf hacker or a state-sponsored hacking group, the IoT is a vulnerable target. Recently, the FBI acknowledged those IoT vulnerabilities on their website with an official Public Service Announcement (PSA) for US citizens.

In part, Wikipedia defines the IoT as “The network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these things to connect and exchange data…” FBI concerns center on this vast network and how easily the IoT is used for criminal purposes. Their warning lists several ways compromised devices on the IoT can be misused and these are just a few of them: Send spam emails; maintain anonymity; generate click-fraud activities; buy, sell and trade illegal images and goods.

In their PSA, the FBI warns that compromised devices can escape detection by their owners. There are many users out there who have no idea their device has been hacked, and the FBI notes some ways a device may act under those conditions including: Devices become slow or inoperable; a larger than usual internet bill shows up; home or business internet connections are running slow. The FBI’s suggestions for user protection and defense are many: Use antivirus regularly and make sure it’s up-to-date; reboot devices regularly as most malware is stored in memory; change default usernames and passwords; ensure all IoT devices are up to date and security patches are incorporated.

For more information on this Public Service Announcement and other IoT security concerns, visit the FBI Internet Crime website and type I-080218-PSA in the search bar.

Like gamblers, cybercriminals love hitting the jackpot. The FBI is warning in a “not-so-confidential” alert to financial organizations about an imminent scheme to steal large amounts of cash from ATMs all around the world. The expectation is that this will occur very soon. It is a scheme called jackpotting, where the cybercriminals hack a financial institution or payment card processor, then used cloned cards they steal from them at ATMs.

Initially reported by Brian Krebs of Krebs on Security, the criminals use phishing to infiltrate a financial institution, then use information stolen from them to create fake cards. They then change the security controls that may be in place so that the ATMs will dispense unlimited amounts. Unfortunately more specific details regarding this potential attack are not currently available and it is unknown what if any specific financial institutions are already breached. That said, everyone will need to remain on high alert until further details emerge.

In the meantime, the most important thing you can do is lookout for phishing scams. Regardless of the security tools that may be in place at home or at work, phishing emails make their way into inboxes more often than anyone would like. While it is getting more difficult to detect phishing these days, there are still some tried and true guidelines. If they are not well-written, have generic greetings, and just don’t look professional, they are most likely phishing. However, the number one rule to follow these days is never open an attachment or click a link that you are not expecting to receive. This holds true no matter who the sender may be.

Since this attack is likely to originate as a result of a hack into an organization that is not yet known, everyone should keep tabs on their bank balances for at least the next few weeks. If there is any change, up or down that is not a result of your own activity, immediately contact your financial institution to let them know.

Hitting the jackpot is no longer limited to Vegas or Monaco. Cybercriminals are figuring out how to do it stealthily. And while casinos have lots of security and cameras everywhere, those things just don’t exist in the cyberworld.

The FBI’s Internet Crime Complaint Center (IC3) has issued a new public service announcement about what it calls the $12 Billion Scam. Every so often the IC3 posts numbers on how much business email compromise (BEC) scams are increasing. In July, its PSA revealed some shocking, but informative statistics on this scam.

BEC (also called email account compromise or EAC) scams are carried out when a bad actor targets a business or individual and convinces someone to perform a wire transfer or some other act involving the transfer of sensitive information. This may mean emailing W-2 information, for example. Between December of 2016 and May of 2018, these types of scams increased 136% in global losses. It’s been reported in all 50 states and in 150 countries. Based on the data collected, most of the funds end up in Asian banks, mostly in China and Hong Kong. However, financial institutions in other countries, including the UK have also been identified as recipients of the fraudulent funds.

Recent big targets for these scammers have been in the real estate sector. These include title companies, real estate agents, buyers, sellers, and law firms. Most of the time, victims reported receiving an email with a spoofed sender’s address that appeared to be from someone on behalf of one of the real estate transaction participants. Victims were instructed to change the payment location and/or type of payment to a fraudulent account. Between 2015 and 2017, the number of real estate related BEC scams rose by more than 1100%, according to the IC3 announcement. Monetary losses related to this industry rose nearly 2200%. Total domestic and international exposed dollar losses were $12,536,948,299. This number includes everything that is reported, regardless of country.

To protect yourself and your business from this type of fraud, there are some actions one can take:

Independently verify all wire transfer requests. Not only is this just good practice, but often the scammers will request payments originally intended to be paid by check, be switched to wire transfer.

Be suspicious of anyone who insists on communication only via email.

Be wary of providing personal or sensitive information over the phone if there is not 100% confidence of the recipient’s motives on the other end of the line.

Put processes in place to require secondary confirmation before transferring sensitive information over the phone, such as establishing code phrases only known by legitimate parties.

Never exchange sensitive information in email. Most of the time, email is not encrypted and therefore not safe for transferring this type of information.

In a time long ago, there were a couple of very large data breaches. You may remember them: Target and Home Depot. Way back then, in 2015, the payment cards customers used at point-of-sale (POS) systems at these places and everywhere else in the United States required swiping a card, so the machine could read the magnetic strip on the back. Well, as is now well known, it’s not so hard for cyberthieves to recreate cards and use them to make their own purchases when they can get all the needed data from hacking into a location and just taking it.

After those biggies, the U.S. government started pressuring card issuers to provide EMV (Europay, MasterCard, Visa) chip cards to consumers for added protection. While the adoption rate was initially slow, according to statistics from Visa, EMV adoption is up to 2.7 million stores as of December 2017 and accounts for 59% of all U.S. storefronts. That’s an increase from 392,000 stores in September of 2015.

An even bigger benefit is that it has reduced payment card fraud by a whopping 70% in a little over two years. The number of EMV cards in use increased in the same timeframe from 159 million to over 481 million.

But while the EMV cards are more secure they are not 100% safe. The FBI warned users in 2015 that while it’s more difficult for these to be counterfeited, the risk of card-not-present (CNP) fraud is more prevalent. This refers to situations where the details from the cards are stolen and used to make purchases online. All the fraudster needs are the name, expiration date, and the verification code to do this.

Security firms are warning that malware can make it onto systems that run the online stores where it can steal payment card information when it’s entered into the payment pages on websites.

In addition to this risk, a different type of fraud is now being seen called account takeover (ATO) attacks. The cybercriminals are using passwords they gain in other ways to get access to online accounts and go shopping.

Password reuse is no laughing matter. The criminals will use login names and password combinations over and over until they are successful. The ones doing the ATO crimes may not even be the ones that stole the passwords in the first place. Often, very large lists of them can be found on the dark web. They use a brute-force type of attack called “credential-stuffing” to perform tests en masse using the stolen information.

So always use unique login credentials for online sites. It doesn’t matter what the site is for. It can be a financial site, a gaming site, or even just a blogger’s site where no sensitive information may be held. They should each have unique passwords so that a thief isn’t successful when they are performing these password reuse attacks.

And the guidelines for strong passwords always apply:

Use at least eight characters

Don’t use known information in them such as birthdates of people you know

No dictionary words or names

Use upper and lower case letters, numbers, and special characters

Change them on a regular basis. Don’t leave them the same for years on end. That's just asking for trouble.

A recently discovered cyberattack involves impersonating the FBI’s Internet Crime Complaint Center (IC3) to trick unsuspecting people into giving up personal details to criminals. There are currently three identified versions of this scam; all claim to pay victims some amount of restitution once the personal details are entered into a form. And another surprise…the form that is sent for those details to be entered into also contains malware that ends up on the user’s device.

It isn’t detailed how the cybercriminals get the email addresses, but considering that most people’s email address (or many of them) has been stolen over the years, it could have been from anywhere. If you ever wondered why your email address can be so valuable; after all, it’s just an address, this is one reason. They can address you personally if they have such information. And when it seems that a communication is specific to you, you are more likely to take it seriously.

But don’t be fooled by this or any other. The IC3 will not directly initiate communication with you using email. They will do that via the U.S. Postal Service.

Two of these reported scams appear very legitimate. One letter uses legal language to describe what happened and even include links to the so-called stories of the arrests of the perpetrators who supposedly took advantage of the victims. Another is a very short and sweet note supposedly from the IC3’s Cyber Division stating that the victim’s IP address was used in fraud and he or she is due restitution. A fake toll-free phone number is included. The third is very poorly written with many grammatical mistakes. It claims the victim’s name was found in a corporate database used to send fraudulent funds to Nigeria.

Neither the IC3 nor FBI will ever ask you to fill out an unsolicited form they send you. However, if you believe you have been a victim of any of these or any other internet-related crime, regardless of the amount of money involved, report it on the website. There is a link there to use. They request that you be as detailed as possible about what happened, when it occurred, what websites were used, any relevant names and addresses, including email addresses used, and any account numbers used to transfer funds. They also recommend you keep all related documentation in case they need to access it later.

We use cookies to give you a more relevant browsing experience and improve our website. Using this site means that you agree with our use of cookies policy.

Chances are pretty good that you have heard the term business email compromise or BEC by now. It is a type of wire transfer fraud that the FBI has deemed one of the most prevalent types of scam going around these days. In 2017, there were over 15,690 complaints that resulted in total adjusted losses of more than $675 million. That is an 87% increase over 2016 and it is expected to continue to rise. The Identity Theft Resource Center (ITRC) reported that of the fraud related complaints reported in 2017, the most common type was wire transfer fraud.

Chances are pretty good that you have heard the term business email compromise or BEC by now. It is a type of wire transfer fraud that the FBI has deemed one of the most prevalent types of scam going around these days. In 2017, there were over 15,690 complaints that resulted in total adjusted losses of more than $675 million. That is an 87% increase over 2016 and it is expected to continue to rise. The Identity Theft Resource Center (ITRC) reported that of the fraud related complaints reported in 2017, the most common type was wire transfer fraud.

This Privacy Policy applies to and is provided on behalf of Stickley on Security. (collectively referred to as "We", "Us", or "Our") and describes Our information gathering
practices and policies in connection with this Site. We value your ("User", "You", or "Your") privacy and recognize the sensitivity of Your personal information. We are
committed to protecting Your personal information and using it only as appropriate to provide You with the best possible service, products, and opportunities. Use of this
Site constitutes consent to Our collection and use of personal data as outlined herein.

COLLECTION AND USE OF PERSONAL INFORMATION FROM SITE USERS

We collect personally identifiable information from Users who provide it to us for billing purposes. For example, We collect Your name, street address, city, state, zip
code, telephone number, email address, and financial information, such as a credit card number, if You use the Site to register or renew a license. We may use this
information to contact You regarding the status of Your account and orders placed, and to alert You to new information, products and services, events and other
opportunities. We recognize that You may wish to limit the ways in which You are contacted and provide You with opt-out options below. Information about Our experiences and
transactions with you, such as your payment history, types of services and/or products you purchased are not shared with organizations outside of Stickley on Security.

We will not disclose to third parties (that is, people and companies that are not affiliated with Us) individually identifying information, such as names, postal and e-mail
addresses, telephone numbers, and other personal information, except to the extent that it is necessary to process and provide You with Your order, license request or
other request. Your contact information may also be provided to the extent necessary to comply with applicable laws or legal processes (e.g., subpoenas), or to meet contractual obligations outlined in this policy, or to protect Our
rights or property. We will cooperate with all law enforcement authorities.

If Your order, license request or other request is processed by a third-party, or if You are provided with bulletin boards and chat rooms and/or email capabilities on
this Site, please note that in the event that You voluntarily disclose personally identifiable information in those instances, that information, along with any substantive
information disclosed in Your communication or post, can be collected, correlated and used by third parties. This may result in unsolicited messages from third parties. Such
activities are beyond Our control, and We encourage You to check the applicable privacy policy of such party when providing personally identifiable information.

For each visitor to this Site, Our server can detect and collect certain information, including the User's domain name and e-mail address, and can identify the Web pages the
User visited or accessed. We may use this information in order to measure interest in and use of the various areas of the site.

We do not knowingly solicit information from children and We do not knowingly market the Site or its services to children.

OPT-OUT

You may at any time opt out of having Your personal information used by Us to send You promotional correspondence by contacting Us via e-mail provided in the "Contact Us"
section below.

PROMOTION CODES

"Promotion codes" are offered by third-party affiliates of the Stickley on Security Training Videos. If you choose to include a "Promotion Code" when placing your order, the affiliate who is associated with that promotional code will receive your organizations name. They will NOT however receive any other information related to your account. The sharing of the organization name only applies when a "Promotion Code" is included during the order process.

USE OF COOKIES

1. First-party cookies
User input cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session, or persistent cookies limited to the duration of an operation such as purchase or trial;
User identification persistent cookies, to identify the user visited the website for the first time;
Authentication cookies, to identify the user once he has logged in, for the duration of a session;
user interface customization cookies such as time zone and shopping cart status info, for the duration of a session (or slightly longer).

2. Third-party cookies
social plug in content sharing cookies, for logged in members of a social network;
Google Analytics cookies to generate statistical data on how the visitor uses the website.

How do we use them?
Where strictly necessary. These cookies and other technologies are essential in order to enable the Services to provide the feature you have requested, such as remembering you have logged in.

For functionality. These cookies and similar technologies remember choices you make such as time zone and shopping cart info. We use these cookies to provide you with an experience more appropriate with your selections and to make your use of the Services more tailored.

For performance and analytics. These cookies and similar technologies collect information on how users interact with the Services and enable us to improve how the Services operate. For example, we use Google Analytics cookies to help us understand how visitors arrive at and browse our products, services and website to identify areas for improvement such as navigation, user experience, and marketing campaigns.

Social media cookies. These cookies are used when you share information using a social media sharing button or .like. button on our websites or you link your account or engage with our content on or through a social media site. The social network will record that you have done this. This information may be linked to targeting/advertising activities.

How can you opt-out?
To opt-out of our use of cookies, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use our Services.

Updates to this Cookie Policy
This Cookie Policy may be updated from time to time. If we make any changes, we will notify you by revising the "effective starting" date at the top of this notice.

INFORMATION SECURITY AND CONFIDENTIALITY

We maintain physical, electronic and procedural safeguards to prevent the unauthorized release of or access to Your personal information. When We transfer and receive
certain types of sensitive information such as financial information, We redirect visitors to a secure server. We do not store or reuse Your credit card information. We do
not record or manager financial information about You (including credit card and other payment information). However, such precautions do not guarantee that this Site is
invulnerable to all security breaks. We make no warranty, guarantee, or representation that the use of this Site is protected from viruses, security threats, or other
vulnerabilities and that Your information will always be secure. We cannot guarantee the confidentiality of any communication or material transmitted to/from Us via the Site
or e-mail. Use of the Internet is solely at Your own risk and is subject to all applicable local, state, federal, and international laws and regulations.

THIRD PARTY PROCESSING

Stickley on Security uses the vendor Authorize.net to process all payment transactions. When making a purchase on this site, You also accept the Terms and Conditions and
Privacy Policy of Authorize.net.

CONTACT US

This Privacy Policy may be updated periodically and posted on this Site. It applies only to Our online practices and does not encompass other areas of the organization. We
reserve the right to change this Policy at any time by posting revisions. By accessing or using the Site, You agree to be bound by all of the Terms of this Privacy Policy as
posted at the time of Your access or use. We reserve the right to contact Users of the Site regarding changes to the Terms and Conditions generally, this Privacy Policy
specifically, or any other policies or agreements relevant to the Site's Users. If You have any questions about this Policy, You may email to:

Keep up with the latest cyber security news through our weekly Fraud News & Alerts updates.
Each week you will receive an email containing the latest cyber security news, tips and breach notifications.

Simply complete the form below and you're all set.

You're all set!

You will receive your first official security update email within the next week.
A welcome email has also just been sent to you. If you do not receive this email within the next few minutes, please check your Junk box or spam filter to confirm our emails are not being blocked.